7d9aee
%global with_check 0
7d9aee
7d9aee
%global _find_debuginfo_dwz_opts %{nil}
7d9aee
%global _dwz_low_mem_die_limit 0
7d9aee
7d9aee
%if 0%{?rhel} > 7 && ! 0%{?fedora}
7d9aee
%define gobuild(o:) \
7d9aee
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
7d9aee
%else
7d9aee
%if ! 0%{?gobuild:1}
7d9aee
%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
7d9aee
%endif
7d9aee
%endif
7d9aee
7d9aee
%global provider github
7d9aee
%global provider_tld com
7d9aee
%global project opencontainers
7d9aee
%global repo runc
7d9aee
# https://github.com/opencontainers/runc
7d9aee
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
7d9aee
%global git0 https://%{import_path}
7d9aee
%global release_candidate rc92
7d9aee
7d9aee
Name: %{repo}
7d9aee
Version: 1.0.0
0331be
Release: 72.%{release_candidate}%{?dist}
7d9aee
Summary: CLI for running Open Containers
7d9aee
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
7d9aee
#ExclusiveArch: %%{go_arches}
7d9aee
# still use arch exclude as the macro above still refers %%{ix86} in RHEL8.4:
7d9aee
# https://bugzilla.redhat.com/show_bug.cgi?id=1905383
7d9aee
ExcludeArch: %{ix86}
7d9aee
License: ASL 2.0
7d9aee
URL: %{git0}
7d9aee
Source0: %{git0}/archive/v1.0.0-%{release_candidate}.tar.gz
2b979c
Patch0: 0001-rc92-rootfs-add-mount-destination-validation.patch
0331be
Patch1: 2614.patch
7d9aee
Provides: oci-runtime = 1
7d9aee
BuildRequires: golang >= 1.12.12-4
7d9aee
BuildRequires: git
7d9aee
BuildRequires: go-md2man
7d9aee
BuildRequires: libseccomp-devel
7d9aee
Requires: criu
7d9aee
7d9aee
%description
7d9aee
The runc command can be used to start containers which are packaged
7d9aee
in accordance with the Open Container Initiative's specifications,
7d9aee
and to manage containers running under runc.
7d9aee
7d9aee
%prep
7d9aee
%autosetup -Sgit -n %{repo}-%{version}-%{release_candidate}
7d9aee
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
7d9aee
7d9aee
%build
7d9aee
mkdir -p GOPATH
7d9aee
pushd GOPATH
7d9aee
    mkdir -p src/%{provider}.%{provider_tld}/%{project}
7d9aee
    ln -s $(dirs +1 -l) src/%{import_path}
7d9aee
popd
7d9aee
7d9aee
pushd GOPATH/src/%{import_path}
7d9aee
export GOPATH=%{gopath}:$(pwd)/GOPATH
7d9aee
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
7d9aee
export BUILDTAGS="selinux seccomp"
7d9aee
%gobuild -o %{name} %{import_path}
7d9aee
7d9aee
pushd man
7d9aee
./md2man-all.sh
7d9aee
popd
7d9aee
7d9aee
%install
7d9aee
install -d -p %{buildroot}%{_bindir}
7d9aee
install -p -m 755 %{name} %{buildroot}%{_bindir}
7d9aee
7d9aee
# install man pages
7d9aee
install -d -p %{buildroot}%{_mandir}/man8
7d9aee
install -p -m 644 man/man8/* %{buildroot}%{_mandir}/man8
7d9aee
# install bash completion
7d9aee
install -d -p %{buildroot}%{_datadir}/bash-completion/completions
7d9aee
install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions
7d9aee
7d9aee
%check
7d9aee
7d9aee
#define license tag if not already defined
7d9aee
%{!?_licensedir:%global license %doc}
7d9aee
7d9aee
%files
7d9aee
%license LICENSE
7d9aee
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
7d9aee
%{_bindir}/%{name}
7d9aee
%{_mandir}/man8/%{name}*
7d9aee
%{_datadir}/bash-completion/completions/%{name}
7d9aee
7d9aee
%changelog
0331be
* Thu Aug 05 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-72.rc92
0331be
- fix "Under load, container failed to be created due to missing cgroup scope"
bfb7ae
- Resolves: #1990406
0331be
2b979c
* Fri May 21 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-71.rc92
2b979c
- fix CVE-2021-30465
bfb7ae
- Related: #1955656
2b979c
7d9aee
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-70.rc92
7d9aee
- add missing Provides: oci-runtime = 1
7d9aee
- Related: #1883490
7d9aee
7d9aee
* Tue Dec 08 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-69.rc92
7d9aee
- still use ExcludeArch as go_arches macro is broken for 8.4
7d9aee
- Related: #1883490
7d9aee
7d9aee
* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-68.rc92
7d9aee
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
7d9aee
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
7d9aee
- Related: #1821193
7d9aee
7d9aee
* Thu Jul 02 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-67.rc91
7d9aee
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
7d9aee
- Related: #1821193
7d9aee
7d9aee
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-66.rc10
7d9aee
- synchronize containter-tools 8.3.0 with 8.2.1
7d9aee
- Related: #1821193
7d9aee
7d9aee
* Wed Feb 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-65.rc10
7d9aee
- address CVE-2019-19921 by updating to rc10
7d9aee
- Resolves: #1801887
7d9aee
7d9aee
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-64.rc9
7d9aee
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
7d9aee
- Related: RHELPLAN-25139
7d9aee
7d9aee
* Mon Dec 09 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-63.rc9
7d9aee
- be sure to use golang >= 1.12.12-4
7d9aee
- Related: RHELPLAN-25139
7d9aee
7d9aee
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-62.rc9
7d9aee
- rebuild because of CVE-2019-9512 and CVE-2019-9514
7d9aee
- Resolves: #1766331, #1766303
7d9aee
7d9aee
* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-61.rc9
7d9aee
- update to runc 1.0.0-rc9 release
7d9aee
- amend golang deps
7d9aee
- fixes CVE-2019-16884
7d9aee
- Resolves: #1759651
7d9aee
7d9aee
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8
7d9aee
- Resolves: #1721247 - enable fips mode
7d9aee
7d9aee
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-59.rc8
7d9aee
- Resolves: #1720654 - rebase to v1.0.0-rc8
7d9aee
7d9aee
* Thu Apr 11 2019 Eduardo Santiago <santiago@redhat.com> - 1.0.0-57.rc5.dev.git2abd837
7d9aee
- Resolves: #1693424 - podman rootless: cannot specify gid= mount options
7d9aee
7d9aee
* Wed Feb 27 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-56.rc5.dev.git2abd837
7d9aee
- change-default-root patch not needed as there's no docker on rhel8
7d9aee
7d9aee
* Tue Feb 12 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-55.rc5.dev.git2abd837
7d9aee
- Resolves: CVE-2019-5736
7d9aee
7d9aee
* Tue Dec 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-54.rc5.dev.git2abd837
7d9aee
- re-enable debuginfo
7d9aee
7d9aee
* Mon Dec 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-53.rc5.dev.git2abd837
7d9aee
- go toolset not in scl anymore
7d9aee
7d9aee
* Wed Sep 26 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-52.rc5.dev.git2abd837
7d9aee
- rebase
7d9aee
7d9aee
* Fri Aug 31 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-51.dev.gitfdd8055
7d9aee
- Fix handling of tmpcopyup
7d9aee
7d9aee
* Fri Aug 24 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-49.rc5.dev.gitb4e2ecb
7d9aee
- %%gobuild uses no_openssl
7d9aee
- remove unused devel and unit-test subpackages
7d9aee
7d9aee
* Tue Aug 07 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-48.rc5.dev.gitad0f525
7d9aee
- build with %%gobuild
7d9aee
- exlude i686 temporarily because of go-toolset issues
7d9aee
7d9aee
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 1.0.0-47.dev.gitb4e2ecb
7d9aee
- Rebuild with fixed binutils
7d9aee
7d9aee
* Fri Jul 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-46.dev.gitb4e2ecb
7d9aee
- Add patch https://github.com/opencontainers/runc/pull/1807 to allow
7d9aee
- runc and podman to work with sd_notify
7d9aee
7d9aee
* Wed Jul 18 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-40.rc5.dev.gitad0f525
7d9aee
- Remove sysclt handling, not needed in RHEL8
7d9aee
- Make sure package built with seccomp flags
7d9aee
- Remove rectty
7d9aee
- Add completions
7d9aee
7d9aee
* Fri Jun 15 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-36.rc5.dev.gitad0f525
7d9aee
- Better handling of user namespace
7d9aee
7d9aee
* Tue May 1 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-31.rc5.git0cbfd83
7d9aee
- Fix issues between SELinux and UserNamespace
7d9aee
7d9aee
* Tue Apr 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-27.rc5.dev.git4bb1fe4
7d9aee
- rebuilt, placed missing changelog entry back
7d9aee
7d9aee
* Tue Feb 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-26.rc5.git4bb1fe4
7d9aee
- release v1.0.0~rc5
7d9aee
7d9aee
* Wed Jan 24 2018 Dan Walsh <dwalsh@redhat.name> - 1.0.0-26.rc4.git9f9c962
7d9aee
- Bump to the latest from upstream
7d9aee
7d9aee
* Mon Dec 18 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-25.rc4.gite6516b3
7d9aee
- built commit e6516b3
7d9aee
7d9aee
* Fri Dec 15 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-24.rc4.dev.gitc6e4a1e.1
7d9aee
- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f
7d9aee
- https://github.com/opencontainers/runc/pull/1651
7d9aee
7d9aee
* Tue Dec 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-23.rc4.git1d3ab6d
7d9aee
- Resolves: #1524654
7d9aee
7d9aee
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-22.rc4.git1d3ab6d
7d9aee
- Many Stability fixes
7d9aee
- Many fixes for rootless containers
7d9aee
- Many fixes for static builds
7d9aee
7d9aee
* Thu Nov 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-21.rc4.dev.gitaea4f21
7d9aee
- enable debuginfo and include -buildmode=pie for go build
7d9aee
7d9aee
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-20.rc4.dev.gitaea4f21
7d9aee
- use Makefile
7d9aee
7d9aee
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-19.rc4.dev.gitaea4f21
7d9aee
- disable debuginfo temporarily
7d9aee
7d9aee
* Fri Nov 03 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-18.rc4.dev.gitaea4f21
7d9aee
- enable debuginfo
7d9aee
7d9aee
* Wed Oct 25 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-17.rc4.gitaea4f21
7d9aee
- Add container-selinux prerequires to make sure runc is labeled correctly
7d9aee
7d9aee
* Thu Oct 19 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-16.rc4.dev.gitaea4f21
7d9aee
- correct the release tag "rc4dev" -> "rc4.dev" cause I'm OCD
7d9aee
7d9aee
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-15.rc4dev.gitaea4f21
7d9aee
- Use the same checkout as Fedora for lates CRI-O
7d9aee
7d9aee
* Fri Sep 22 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-14.rc4dev.git84a082b
7d9aee
- rebase to 84a082bfef6f932de921437815355186db37aeb1
7d9aee
7d9aee
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-13.rc3.gitd40db12
7d9aee
- Resolves: #1479489
7d9aee
- built commit d40db12
7d9aee
7d9aee
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-12.1.gitf8ce01d
7d9aee
- disable s390x temporarily because of indefinite wait times on brew
7d9aee
7d9aee
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-11.1.gitf8ce01d
7d9aee
- correct previous bogus date :\
7d9aee
7d9aee
* Mon Jun 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-10.1.gitf8ce01d
7d9aee
- Resolves: #1441737 - run sysctl_apply for sysctl knob
7d9aee
7d9aee
* Tue May 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-9.1.gitf8ce01d
7d9aee
- Resolves: #1447078 - change default root path
7d9aee
- add commit e800860 from runc @projectatomic/change-root-path
7d9aee
7d9aee
* Fri May 05 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-8.1.gitf8ce01d
7d9aee
- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts
7d9aee
7d9aee
* Thu Apr 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-7.1.gitf8ce01d
7d9aee
- Resolves: #1429675
7d9aee
- built @opencontainers/master commit f8ce01d
7d9aee
7d9aee
* Thu Mar 16 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-4.1.gitee992e5
7d9aee
- built @projectatomic/master commit ee992e5
7d9aee
7d9aee
* Fri Feb 24 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-3.rc2
7d9aee
- Resolves: #1426674
7d9aee
- built projectatomic/runc_rhel_7 commit 5d93f81
7d9aee
7d9aee
* Mon Feb 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-2.rc2
7d9aee
- Resolves: #1419702 - rebase to latest upstream master
7d9aee
- built commit b263a43
7d9aee
7d9aee
* Wed Jan 11 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-1.rc2
7d9aee
- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
7d9aee
runc patch from Michael Crosby <crosbymichael@gmail.com>
7d9aee
7d9aee
* Wed Sep 07 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-6
7d9aee
- Resolves: #1373980 - rebuild for 7.3.0
7d9aee
7d9aee
* Sat Jun 25 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-5
7d9aee
- build with golang >= 1.6.2
7d9aee
7d9aee
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-4
7d9aee
- release tags were inconsistent in the previous build
7d9aee
7d9aee
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-1
7d9aee
- Resolves: #1341267 - rebase runc to v0.1.1
7d9aee
7d9aee
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-3
7d9aee
- add selinux build tag
7d9aee
- add BR: libseccomp-devel
7d9aee
7d9aee
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-2
7d9aee
- Resolves: #1328970 - add seccomp buildtag
7d9aee
7d9aee
* Tue Apr 19 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-1
7d9aee
- Resolves: rhbz#1328616 - rebase to v0.1.0
7d9aee
7d9aee
* Tue Mar 08 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.0.8-1.git4155b68
7d9aee
- Resolves: rhbz#1277245 - bump to 0.0.8
7d9aee
- Resolves: rhbz#1302363 - criu is a runtime dep
7d9aee
- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
7d9aee
- manpages included
7d9aee
7d9aee
* Wed Nov 25 2015 jchaloup <jchaloup@redhat.com> - 1:0.0.5-0.1.git97bc9a7
7d9aee
- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2
7d9aee
7d9aee
* Fri Aug 21 2015 Jan Chaloupka <jchaloup@redhat.com> - 0.2-0.2.git90e6d37
7d9aee
- First package for Fedora
7d9aee
  resolves: #1255179